sync-builder-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's exec examples explicitly call external endpoints via nango.paginate and nango.get (e.g., endpoint: '/api/records', '/v1/teams/${teamId}/projects') and instruct fetching an "API reference URL" and using user-provided connection/metadata, so the agent will ingest and interpret arbitrary third-party API responses.